CVE-2025-36594

CVE-2025-36594 PUBLISHED

Assigner: dell
Reserved: 15.04.2025 Published: 04.08.2025 Updated: 12.08.2025

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Dell
Product	PowerProtect Data Domain Feature Release
Versions	Default: unaffected affected from 7.7.1.0 to 8.3.0.15 (incl.)

Vendor

Dell

Product

PowerProtect Data Domain Feature Release

Versions

Default: unaffected

affected from 7.7.1.0 to 8.3.0.15 (incl.)

Vendor	Dell
Product	PowerProtect Data Domain LTS2024
Versions	Default: unaffected affected from 7.13.1.0 to 7.13.1.25 (incl.)

Vendor

Dell

Product

PowerProtect Data Domain LTS2024

Versions

Default: unaffected

affected from 7.13.1.0 to 7.13.1.25 (incl.)

Vendor	Dell
Product	PowerProtect Data Domain LTS 2023
Versions	Default: unaffected affected from 7.10.1.0 to 7.10.1.60 (incl.)

Vendor

Dell

Product

PowerProtect Data Domain LTS 2023

Versions

Default: unaffected

affected from 7.10.1.0 to 7.10.1.60 (incl.)

References

Problem Types

CWE-290: Authentication Bypass by Spoofing CWE